f09168f9f1b4a547b567867888acd999_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f09168f9f1b4a547b567867888acd999_JaffaCakes118
Size

2.2MB
MD5

f09168f9f1b4a547b567867888acd999
SHA1

6d7c551ef539deef9060f456994df09cfc251b58
SHA256

7b98790fb99b7de35d9cef0d0c535610eaf9540122adc51d75301bda6a27fd54
SHA512

f4b386ccf4aa2865a9a7d6b5ec4d5cd722b33c7133f248827428b0727497996b539230c2cbeba866db7f50e145b74d32521fa60443cce421c73826160522a09a
SSDEEP

49152:ayMcl+N5Kmct7xAo7qW213Ifcfgjx2lpSk:gcITytzV214kfgjxUSk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f09168f9f1b4a547b567867888acd999_JaffaCakes118

Files

f09168f9f1b4a547b567867888acd999_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c221dc252f77dba10c30b293fbc0fb5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
ProcessIdToSessionId
GetCPInfo
SetCurrentDirectoryW
ExitProcess
GlobalFree
FreeLibrary
QueryPerformanceCounter
CreateMutexW
VirtualAlloc
IsBadReadPtr
GetCurrentDirectoryA

gdi32

CreateFontW
CloseFigure
GetTextCharsetInfo
GetWinMetaFileBits
RoundRect
StartPage
CreateEllipticRgn

advapi32

InitializeAcl
RegCreateKeyW
UnlockServiceDatabase
RegSetValueExW

msvcrt

qsort
isdigit
wcsrchr
_exit
ftell
isalnum
__setusermatherr

version

GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.6MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 419KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ